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Abstract. Random braids that are formed by multiplying randomly cho- 
sen permutation braids are studied by analyzing their behavior under Gar- 
side's weighted decomposition and cycling. Using this analysis, we propose 
a polynomial-time algorithm to the conjugacy problem that is successful for 
random braids in overwhelming probability. As either the braid index or the 
number of permutation-braid factors increases, the success probability con- 
verges to 1 and so, contrary to the common belief, the distribution of hard 
instances for the conjugacy problem is getting sparser. We also prove a con- 
jecture by Birman and Gonzalez-Meneses that any pseudo-Anosov braid can 
be made to have a special weighted decomposition after taking power and 
cycling. Moreover we give polynomial upper bounds for the power and the 
number of iterated cyclings required. 



Recently the braid groups have become a potential source for cryptography, 
especially, for public- key cryptosystems (see [HUD] for few). The braid groups have 
two important features that are useful for cryptography. Each word can be quickly 
put into a unique canonical form, which provides a fast algorithm not only for the 
word problem but also for the group operation (see [6l[T3l|4]). On the other hand 
no polynomial-time solution to the conjugacy problem in the braid group is known, 
which provides many interesting one-way functions for public-key cryptosystems. 

Before we discuss the history and the main result, we quickly introduce the 
terminologies and basic facts about braid groups. Artin who first studied braids 
systematically in the early 20th century proved that the group B n of rt-strand braids 
can be given by the following presentation: 



The monoid given by the same presentation is denoted by whose elements will 
be called positive braids. 

A partial order -< on B^ can be given by saying x <y for x, y € B+ if a; is a 
(left) subword of y, that is, xz = y for some z S Given x, y G B+, the (left) join 
x V y of x and y is the minimal element with respect to -< among all z's satisfying 
that x < z and y -< z, and the (left) meet x A y of x and y is the maximal element 
with respect to ~< among all z's satisfying that z -< x and z ~< y. Even though 
"left" is our default choice, we sometimes need the corresponding right versions: 



1. Preliminaries and introduction 




• • • , 0~n-l 



o-jOi = o-io-j if \i - j\ > 1 

o-iO-jVi = o- 3 aiaj if \i —j\ = l 



) 
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the partial order -<r of being a right subword, the right join Vr, and the right meet 
Ar. For example, x ~<r y if zx = y for some z £ B^ . 

The fundamental braid A = (<ri ■ • • cr n -i)(cri ■ • • a n ^ 2 ) ' ' ' ("l 02)01 plays an im- 
portant role in the study of B n . Since it represents a half twist as a geometric 
braid, xA = At(x) for any braid x where r denotes the involution of B n sending 
o~i to er„_i. It also has the property that o~i -< A for each i = 1, . . . , n — 1. Since 
the symmetric group £„ is obtained from B n by adding the relations <rf — 1, there 
is a quotient homomorphism : B n — > £„. For S n = {x £ | a; -< A}, the 
restriction q : S n —> S n becomes a 1:1 correspondence and an element in S n is 
called a permutation braid. 

A product a6 of a permutation braid a and a positive braid b is (left) weighted, 
written a \b, if a* A b = e where e denotes the empty word and a* = a -1 A is the 
right complement of a. Each braid x £ B n can be uniquely written as 

x = A u xix 2 ■ ■ ■ x k 

where for each i = l,...,k, Xi £ S n \ {e,A} and Xi\xi + \. This decomposition 
is called the (left) weighted form of x [5J H31 0]. Sometimes the first and the last 
factors in a weighted form are called the head and the tail, denoted by H (x) and 
T(x), respectively. The weighted form provides a solution to the word problem in 
B n and the integers u, u + k and k are well-defined and are called the infimum, 
the supremum and the canonical length of x, denoted by inf(x), sup(a;) and £(x), 
respectively. 

Given x = A u x\x 2 ■ ■ ■ x k in its weighted form, there are two useful conjugations 
of x called the cycling c(x) and the decycling d(x) defined as follows: 

c(x) = A u x 2 ■ ■ ■ x k r u ( Xl ) = t u (H(x)- v )xt u (H(x)), 

d(x) = A u r u (x k )x 1 ■ ■ ■ x fc _! = T(x)xT(x)~\ 

A braid x is cyclically weighted if its weighted form x = A u xix 2 • ■ • x k has the 
property that x k \t u (x\). A braid x is weakly cyclically weighted if H(xt u (xi)) = 
X\ = H(x). A cyclically weighted braid is clearly weakly cyclically weighted. When 
£(x) = 1, the two properties are equivalent and they require x± \t u (x\). 

Let inf c (a;) and sup c (a;) respectively denote the maximum of infimums and the 
minimum of supremums of all braids in the conjugacy class C(x) of x. A typical 
solution to the conjugacy problem in the braid group B n is to generate a finite 
set uniquely determined by a conjugacy class. Historically, the following four finite 
subsets of the conjugacy class C(x) of x £ B n have been used in this purpose: 

The summit set 

SS(x) - {y £ C(x) | inf(y) = inf c (x)} 

was used by Garside in [6J to solve the conjugacy problem in B n for the first time. 
The super summit set 

SSS(x) — {yd C(x) | inf(y) = inf c (a;) and sup(y) = sup c (a;)} 

was used by El-Rifai and Morton in [4] to improve Garside's solution. The reduced 
super summit set 

RSSS(x) = {y £ C(x) | c M (y) = y = d N (y) for some positive integers M, N} 
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was used by Lee in his Ph.D. thesis [12] to give a polynomial-time solution to the 
conjugacy problem in P4. Finally the ultra summit set 

USS(x) = {y £ SSS(x) I c M (y) = y for some positive integer M} 

was used by Gebhardt in [8 to propose a new algorithm together with experimental 
data demonstrating the efficiency of his algorithm. Clearly 

RSSS(x) c USS(x) c SSS(x) c SS(x), 

and RSSS(x) = USS(x) if x is cyclically weighted. All four invariant sets enjoy 
the property that if a~ l ya £ P and b~ 1 yb 6 P for y G P and a,b € S n then 
(a A b)^ 1 y(a A b) € P where P denotes one of invariant sets. So for y 6 P, there is 
a minimal element a £ S n such that a~ 1 ya 6 P. Franco and Gonzalez-Meneses[5 
first proved this property for the super summit set and then Gebhardt [8] did it for 
the ultra summit set. Using this property, they were able to generate an invariant 
set more efficiently. Unfortunately there is no estimate for the sizes of the invariant 
sets and so we do not know the complexity of any algorithm based on the generation 
of an invariant set. 

In this paper we survey a fast algorithm to the conjugacy problem on generic 
braids. In the algorithmic sense, generic braids means random braids that are 
built by multiplying randomly chosen permutation braids. In the dynamical sense, 
generic braids means pseudo-Anosov braids. In Section 2, we first give a combi- 
natorial analysis on random braids to find out how quickly the head of a random 
braid becomes stable as the braid index or the canonical length increases. Then we 
show that a random braid is cyclically weighted up to cycling in an overwhelming 
probability so that its RSSS(x) is predictable and small. Using this, we propose a 
polynomial-time algorithm to the conjugacy problem for random braids. Some of 
proofs are omitted or brief in this section and full proofs will appear elsewhere. 

In Section 3, we show that some power of a pseudo-Anosov braid is always 
cyclically weighted up to cycling and we also give upper bounds for the necessary 
exponent and the necessary number of iterated cyclings. Our upper bounds are 
polynomial in canonical length so that there would be a polynomial-time solution 
to the conjugacy problem for pseudo-Anosov braids once the size of reduced super 
summit sets are known to be polynomial in canonical length. Finally we give an 
example of a cyclically weighted pseudo-Anosov braid whose reduced super summit 
set is relatively large to show there are still some more work required to give a good 
estimate of the size of reduced super summit sets. 

2. A FAST ALGORITHM TO THE CONJUGACY PROBLEM FOR RANDOM BRAIDS 

We assume that the permutation braids in S n are uniformly distributed so that 
each permutation braid can be chosen with an equal probability of l/n\. We con- 
sider random braids that are formed by multiplying k factors, each of which is a 
permutation braid chosen randomly from S n . Random braids need not be positive 
and nonpositive random braids are obtained by multiplying a random (negative) 
power of the fundamental braid A. Since A commutes with any braid up to the 
involution r, a power of A can be ignored in most of the discussions so that random 
braids are assumed to be positive. In this section, we study the behavior of random 
braids with respect to two parameters k and n. We reveal some unexpected facts 
regarding the braid index n. 
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For integers 1 < i < j < n, we say that a positive n-braid x begins with an 
inversion if the head H(x) exchanges i and j as a permutation. For permu- 
tation braids x\, X2, ■ ■ ■ ,Xk chosen randomly from S n , let D(n,k,(i,j)) denote the 
probability that x\x 2 ■ ■ ■ Xk begins with the inversion (i, j). In particular an inver- 
sion (i, i + 1) that a positive braid x begins with is called a descent of x and V(x) 
denotes the set of all descents of x. We will write D(n, k, (i, i + 1)) := D(n, k, i). 
Then D(n, k) := Y^i=i D{n, ^, i) denotes the average number of descents of a ran- 
dom braid X1X2 • ■ -Xk- It is easy to see that D(n, 1, (i, j)) = 1/2 for i = 1, . . . ,n — 1 
since the i-th and j-th strings in x\ cross each other in the probability 1/2. Thus 
D(n, 1) = (n — l)/2. We need more delicate combinatorial analysis to obtain an 
estimate of D(n, k) for k > 2 that is sharp enough to be useful. In fact we will give 
an estimate on how fast d(n, k) := D(n, k) — D(n, k — 1), the average contribution to 
descents of the product xix 2 • ■ ■ Xk by the last factor Xk, approaches to as either 
n or k increases. 

Lemma 2.1. We have 

1 ™- 2 ; 1 k (i-l\(n-i-l\ 

Din 2 ») = ! + I sr^ n-k-l ( 3 )[ k -j ) 

V{n,z,i) 2 + 2^ 2^ ( fe+2N 

v ' k=0 \ k ) 3=0 Vj+1/ 

1 n-k-l 

and d(n,2) < — — — . In particular, d(n,2) is in O(logn) and is not a 

k—0 

decreasing function. 

Proof. For a braid x e B n , x : {1, 2, . . . , n} — ► {1, 2, . . . , n) denotes the permutation 
q(x) G S„. In order that <7i is a descent of x = x\x 2 contributed by x 2 , all the 
following two conditions must hold. 

(1) xi{i) < xi{i + 1); 

(ii) If x^ 1 (a) < i and x^ l (b) > i + 1 for a, b with Xi(i) < a, b < x±(i + 1), then 
x 2 (b) < x 2 (a). 

The condition (i) contributes 1/2. The number of choices for x\{i) and x\{i + 1) 
can be expressed in two distinct ways: (™) = X)fc=o( n ~ k — 1) where k = Xi(i + 
1) — Xi(i) — 1. The number of choices for k integers sent between X\{i) and xi(i + l) 
by x\ can be also expressed in two ways: (™^ 2 ) = X^=o O^ 1 ) ("fe-j 1 ) ' Then the 
A: + 2 integers + . . . + are divided into two groups such that the 

first group consists of j + 1 integers whose preimage under x\ is less than or equal 
to i, and the remaining k — j + 1 integers have preimages greater than or equal to 
i + 1. The condition (ii) requires that 0:2 permutes the fc + 2 numbers so that each 
image of the first group is larger than all images of the second group. The claimed 
formula for D(n, 2, i) in Lemma should be clear now. The rest of proof is technical 
and omitted. □ 

In general, we have the following properties that are extremely useful to give an 
estimate for an upper bound of D(n, k, i). 

Lemma 2.2. (1) D(n,k,i) = D(n,k,n — i) and D(n,k,i) > D(n,k,j) for 
1 <i<3 < [n/2\ 

(2) D(n,k, (i, j)) < D(n + i - j + l,k,i) (The equality holds for k = 1,2) 

Proof. Since V(xi . . . Xk) — T>(x\H(x 2 . . . Xk)), the argument for random braids of 
two factors in the previous lemma can similarly be applied to show (1). For a 
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random n-braid x = x\ . . . Xk made of k permutation braids, let x' be the (n + i — 
j + l)-braid obtained from x by deleting j — i — 1 strings from the (i + l)-th to 
(j — 1 )-th. If x begins with a inversion then x' must have the descent o~i. The 

converse is also true for k = 1,2. This proves (2). □ 

Theorem 2.3. For all n > 2, k > 2, and 1 < i < n — 1, D{n,k,i) is recursively 
bounded above by 

1 o , lz3 _ _ i a 

v y a=0 y ' 6=0 

where D(n,0, 1) = and D(n, 1, 1) = 1/2 for all n. 

Proof. Again since V(x\ . . . x^) = V{x\H{x2 ■ ■ ■ xu)), a typical usage of induction 
on k together with inequalities in Lemma [2 .21 gives a proof. The details are omitted. 

□ 

As a corollary, we have the following estimate for d(n, 3). This is rather surprising 
because the total number of descents of a random n-braid contributed by the third 
factor (and by all following factors) eventually decreases to as the braid index 
increases. The maximum occurs at n = 9 and this means that 9-braids are the most 
well-mixed in their weighted forms, for example, when two braids are multiplied. 

Corollary 2.4. We have 

1 Inn 3(lnn) 2 



D(n,3,l) < 



and so asymptotically d(n, 3) < 



2 n — 1 n(n — 1) 
3(lnn) 2 



Proof. Omitted □ 



Even though a recursive upper bound is given in Theorem 12. 3[ it is difficult to 
describe an upper bound for D(n, fc, i) as a neat formula. Instead we use (n — 
l)(_D(n, fc, 1) — D{n,k — 1,1)) as an estimate for an upper bound of d(k,n) and 
present a table for these upper bounds for some choices of (n, k) that are relevant 
to Gebhardt's experiment in [8]. The table shows that d(n,k) converge to as k 
increases and moreover the larger the n becomes the faster it converges to 0. 

Since d(n,k) quickly converges to and D(n,k) is much less than n — 1, it 
is extremely difficult to produce A by multiplying randomly chosen permutation 
n-braids unless the number of chosen permutation n-braids is comparable to n!. 
Thus we assume in the rest of the article that inf(xi • ■ • Xf~) = 0. Since sup(x) = 
— inf(x _1 ), we may assume that sup(iri • • ■ x^) = k as well. 

We now observe some of the properties that random braids enjoy with an over- 
whelming probabilities. We will use the notation Prob[5(x) : x] or simply Prob[5(x)] 
to denote the probability that the statement S(x) is true for a random choice of x. 

Lemma 2.5. For randomly chosen permutation n-braids X\, . . . ,Xk, let x = x\ ■ ■ ■ x^. 
Then the probability that the following equivalent properties hold is greater than 
1 — min{d(n, k), 1}.' 

(1) For a randomly chosen permutation n-braid a, H(x) = H(xa); 



(2) For a randomly chosen permutation n-braid a, T{x) — T(ax). 
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7 \ 

k\n 


4 


6 


8 


10 


15 


2 


6.04 x 10~ 


-i 


8.58 x 10 


-i 


1.06 




1.22 




1.54 




5 


9.08 x 10 


-2 


1.67 x 10 


-l 


2.01 x 10- 


-l 


2.01 x 10" 


-l 


1.57 x 10- 


-l 


10 


3.00 x 10 


-3 


7.17 x 10 


-3 


1.19 x 10- 


-2 


1.57 x 10" 


-l 


1.54 x 10- 


-2 


20 


2.91 x 10- 


-6 


7.03 x 10 


-6 


1.21 x 10- 


-5 


1.70 x 10- 


-5 


2.18 x 10- 


-5 


30 


2.85 x 10- 


-9 


6.86 x 10 


-9 


1.18 x 10- 


-8 


1.66 x 10- 


-8 


2.12 x 10- 


-8 


/in 


2.78 x 10- 


12 


6.70 x 10- 


12 


1.16 x 10- 


11 


1.62 x 10- 


11 


2.07 x 10- 


11 


50 


3.00 x 10- 


15 


6.11 x 10- 


15 


1.24 x 10- 


14 


1.50 x 10- 


14 


2.02 x 10- 


14 


k\n 


20 


30 


50 


75 


100 


2 


1.78 




2.13 




2.59 




2.97 




3.24 




5 


1.18 x 10- 


-1 


7.4 x 10- 


2 


3.82 x 10- 


-2 


2.17 x 10- 


-2 


1.43 x 10- 


-2 


10 


9.33 x 10 


-3 


3.21 x 10 


-3 


8.61 x 10" 


-4 


3.22 x 10- 


-4 


1.65 x 10- 


-4 


20 


1.70 x 10- 


-5 


6.85 x 10 


-6 


1.74 x 10- 


-6 


6.25 x 10- 


-7 


3.14 x 10- 


-7 


30 


1.66 x 10 


-8 


6.77 x 10 


-9 


1.73 x 10- 


-9 


6.20 x 10- 


10 


3.11 x 10- 


10 


40 


1.62 x 10- 


11 


6.61 x 10" 


12 


1.67 x 10- 


12 


6.08 x 10- 


13 


2.97 x 10- 


13 


50 


1.48 x 10- 


14 


6.44 x 10" 


15 


< 10" 15 




< 10" 15 




< 10" 15 





Table 1. Upper bounds for d(n, k) 



Proof. If H(x) ^ H{xa), then T>{x2 ■ ■ ■ %k) ^ 2?(^2 ■ ■ ■ Xka). 

Prob[P(a;2 . . .Xk) ^ V{x 2 ■ ■ ■ x k a) : (x 2 , ■ ■ ■ , xu, a)] < min{d(n, k), 1} 

because d(n, k) is the average contribution to descents by the fc-th factor which is 
a. Thus (1) follows. 

Consider (ax)- 1 = 4r(4_ x ) • • • T k - 1 {x* 1 )T k (a*)A-^ k + 1 \ Then 

T(ax)* = ff(a*T(zjU) ' ' ' r^ 1 (xl)r k (a*)) 

and similarly T(x)* — H(x* k T(x^,_ 1 ) ■ ■ ■ r k ~ x [x*)). If Xi, . . . ,Xf.,a are random, so 
are x* kl T(x* k _ l ), . . . ,T k - 1 (x* 1 ),T k (a*). Thus (2) follows since T(ax) = T(x) if and 
only if ff(x*T(4-i) ' ' ■ T k -\x\)r k {a*)) = H{^xl_ x ) ■ ■ ■ r^ 1 ^)). □ 

Lemma 2.6. For k > 3 and randomly chosen permutation n-braids xi, . . . , x k and 
a randomly chosen integer u, the probability that x = A u x± ■ ■ ■ x k is weakly cyclically 
weighted is greater than l—2d(n,k). In particular Prob[x G SS(x) : x] > 1— 2d(n, k) 



Proof. For the simplicity of notation, we assume u — 0. Lemma 12.51 implies 

Prob[iJ(a:i ■ • ■ x k ) = H(x\ ■ ■ ■ x k xi ■ ■ ■ x k ) : (xi, . . . , x k )] 

> 1 - mm{d(n, k) H h d(n, 2k), 1} 

According to our estimate via Theorem l2.3i 1 > d(n, k) > 2d(n, k + 1) for k > 3. 
Thus 

1 - mm{d(n, k) + . . . + d(n, 2k), 1} > 1 - 2d{n, k). 

If x is weakly cyclically weighted, inf(x) = mi(c l (x)) for all z > and so i G 
SS(x). □ 

Corollary 2.7. For k > 3 and randomly chosen permutation n-braids x\, . . . ,x k 
and a randomly chosen integer u, the probability that x — A u x\ ■ • ■ x k £ SSS(x) is 
greater than 1 — 4d(n, k). 
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Proof. By Lemma l2~6l 

Prob[ai $ SSS{x)} < Prob[x $ SS(x) or aT 1 £ SSfc- 1 )] 

< Prob[a: g SS{x)) + Prob^ 1 f SS*^ -1 )] 
= 2d(n,k) + 2d(n,fc) 

and so 

Prob[a; e SSS(x)] > 1 - 4d(n, fc). 

□ 

Lemma 2.8. For k > 3 and randomly chosen permutation n-braids x%, . . . , Ze< 
X — X \ ' ' ' Xfa • Then the probability that the following equivalent properties hold is 
greater than 1 — 2d(n, fc): 

(1) For any permutation braid a, H(x) = H{xa) or t(H(xo)); 

(2) For any permutation braid a, T{x) = T(ax). 

Proof. The argument is similar to Lemma 12.51 but the difference is that we need 
to assume that the probability that a pair of strands has a crossing in a is 1 for 
(1) and for (2). On the other hand, it was 1/2 in Lemma \2. 51 Then this lemma 
becomes obvious. □ 

Theorem 2.9. For fc > 12 and randomly chosen permutation n-braids X\, . . . , x^and 
a random integer u, the probability that c 3 (A"a;i • • ■ xu) is cyclically weighted for 
some j < |_§ J is greater than 1 — 2d(n, |_4 J). 

Proof. For the simplicity, we again assume u — 0. We also assume that x £ SSS(x) 
and this happens with the probabiltiy > 1 — 4d(n, fc). Let y\ ■ ■ ■ yf. be the weighted 
form of x = x\ ■ ■ ■ Xk, h = [fj , and q = [j\ . 

Set a = T{x\ ■ ■ -x^)* A FHx^+i ■ • Then we have 

H(yh+i ■ ■ ■ VkVi ■ ■ ■ Vh) = H(y h+1 ■ ■ ■ y k yi) = H(a~ 1 x h+1 ■ ■ ■ x k y x ) 

and 

yu+i = H(y h +i ■■■yk) = H(a^ 1 x h+ i ■ ■ ■ Xk). 

By Lemma [2~8l 

Prob[H(x h+q+1 ■■■x k ) = H(x h+q+ i ■ ■ ■ XkVx)] > 1 - 2d(n, k - h - q) 

and 

Prob[T(a _1 x, l+ i • • • x h+q ) = T(a~ 1 x h+q ■ ■ ■ x h+q ] > 1 - 2d(n, q). 

So 

Prob[H(a~ 1 x h +i ■ ■ ■ x k ) = H(a~ 1 Xh+i ■ ■ ■ XkVi)] > 1 - 2d(n, q). 

Thus 

Prob[i? (yn+i ■ ■ ■ ykyi ■ ■ ■ Vh) = Vh+i] > 1 - 2d(n, q). 
Similarly, we have 

Prob[T(y h+1 ■ ■ ■ y k y x ■ ■ ■ y h ) = y h ] > 1 - 2d(n, q). 

Since yj \yj+i, the probability that c J ( A u x± ■ ■ ■ Xk) is cyclically weighted is greater 

than or equal to 1 - 2d(n, [_f J). We note that 1 > M n > L|J) > 4rf ( n > k ) for k > 12 
and so our assumption x £ SSS(x) makes no dfference. □ 
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We now know from Theorem 12.91 that a random braid can be made cyclically 
weighted by a small number of iterated cyclings with an overwhelming probability. 
A cyclically weighted braid x already belongs to USS(x) — RSSS(x) and hence 
the conjugacy problem can be solved by generating USS(x). In the remaining 
of this section, we will show USS(x) is very small for a random braid x, in fact 
\USS(x)\ < 2t{x), with an overwhelming probability. 

Let P denote one of the conjugacy invariant sets SS, SSS, U SS, RSSS and let 
y G P{x). If a nontrivial positive n-braid 7 satisfies 7~ 1 ?/7 G P{x), 7 is called a 
P-conjugator of y. A P-conjugator 7 of y is minimal if either 7~</3or7A/3 = e 
for each positive braid (3 with f3~ 1 yf3 G P{x). In fact it is not hard to see that 
a minimal P-conjugator satisfies 7 -< T mf ( y '(H(y)) or 7 -< T(y)* or both (For 
example, see [5]). A conjugator 7 satisfying 7 -< T mi ^(H(y)) (or 7 -< T(y)*, 
respectively) will be called a cut-head (or add-tail) conjugator. In particular, if y 
is cyclically weighted and 7 is its P-conjugator then it can not be both cut-head 
and add-tail since T(y) [T int ^ (H(y)), that is, T(y)* A T int ^ (H \y)) = e. If 7 is a 
f/S'S'-conjugator of a cyclically weighted braid y, it is also a PS'S'S'-conjugator and 
7~ 1 ?/7 is cyclically weighted. We note that if 7 is an add-tail conjugator of y, then 
7 is a cut-head conjugator of y . 

Theorem 2.10. For k > 3 and randomly chosen permutation n-braids X\, . . . ,Xk 
and a randomly chosen integer u, assume that y G USS(A w x\ ■ ■ ■ Xk) is cyclically 
weighted andt is a USS-minimal cut-head (or add-tail, respectively) conjugator ofy. 
Then the probability that t — r u {H{y)) (ort = T{y) ) is greater than 1 — 2d(n, k — 1). 

Proof. If T^y) = T{y) and t ^ T u (H(y)), t~ l yt can not be in SSS(A u Xl ■ ■ ■ x k ) 
since s\xp(t~ 1 yt) = sup(y) + 1. Now the conclusion is immediate from Lemma 12.81 

□ 

Corollary 2.11. For k > 12 and randomly chosen permutation n-braids x\, . . . , Xk 
and an integer u, let x — A w xi ■ ■ ■ Xk- Then the probability that USS(.t) = 0(y) U 
0(r(y)) for some y G USS(x) is greater than 1 — 2d(n, |_t_|) where 0(y) = {^(y) \ 
i > 0} is a finite set called the cycling orbit of y G USS(x). 

Proof. Immediate from Theorem 12.91 and Theorem 12.101 since 1 > 2d(n t |_§J) > 
2d(n, k - 1) for k > 12. □ 

Given a random braid x G B n , an algorithm to generate USS(x) is now extremely 
simple. In fact, it proceeds as follows: 

(1) Compute y = c J (x) where j — L^f^J- 

(2) Output either {c l (y), r(c l (y)) | < i < l(x) — 1} if inf(y) is even, or 
{c l (y) \ 0<i< 2£(x) - 1} if inf(y) is odd. 

Since the operation to build a left canonical form has running time 0{k 2 n\ogn) 
(see [13]) and this algorithm requires k cycling operations, the overall running time 
is O(k 3 nlogn). For a given n-braid x of k random permutations, it generates 
USS(x) successfully with probability greater than 1 — 2d(n, by Corollarv l2.11l 

3. Conjugacy problem for pseudo-Anosov braids 

As far as Garside's weighted decomposition is concerned, we will show that 
pseudo-Anosov braids behave similarly to random braids that we discussed. This 
is rather surprising because the dynamical notion of generic braids are seemingly 
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far from the combinatorial notion. On the other hand, this may be natural in 
the sense that a braid chosen randomly as a mapping class should be expected 
to be pseudo-Anosov. J. Gonzalez-Meneses discovered a surprising phenomenon 
that some power of any pseudo-Anosov braid is cyclically weighted up to cyclings 
and J. Birman announced this phenomenon as a conjecture at the first East Asian 
School of Knot Theory and Related Topics in 2004. We verify this conjecture and 
give upper bounds for the exponent and the number of iterated cyclings required. 
Recently the proposers independently verified their conjecture in [2J. In short, we 
will prove that for any pseudo-Anosov braid x, there are integers 1 < M < D 3 and 
1 < N < D 4 £(x) such that c N (x M ) is cyclically weighted where D = n ("~ 1 ) , i n 
[5] , We give a polynomial-time algorithm to decide the dynamical type of any given 
braid by using this special property and these bounds. 

Lemma 3.1. Let x be an n-braid. Then there exists y € C{x) and an integer 
1 < M < D 3 such that y M is weakly cyclically weighted. 

Proof. It was shown in [11) that for any n braid x, there exists y G C{x) and an 
integer Mi > such that inf((y Ml ) 1 ) = iinf(y Ml ) for all i > 1. Let z = y Ml . 
Since any unexpected A can not be produced by taking powers of z, there exists 
< M 2 < D such that H{z Al2 ) = H(z k ) for all k > M 2 as argued in 3 . Thus z M<1 
is weakly cyclically weighted. □ 

Lemma 3.2. Let x be an n-braid. If x is cyclically weighted and t(x) > 2, then 
every braid in RSSS(x) is cyclically weighted. 

Proof. Since x is cyclically weighted, x € RSSS(x). It is enough to show that 
t~ 1 xt is cyclically weighted when t is minimal among conjugators such that t~ l xt £ 
RSSS{x). Let x = A. u x\ ■■ - xi be the weighted form that is cyclically weighted. 
Then either r u (t) -< Xi or t -< x\ since t is minimal. Suppose that r u (t) -< x\. 
Then 

r Y xt = A u (t^ 1 xit 2 ) ■ ■ ■ (t^xeT^ih)) 
is the weighted form where t\ — r u (t) and t j = Xi A a;*_ 1 r(ti_i) for 1 < i < £. If 
t~ x xt is not cyclically weighted, then (tj 1 X£T~ U {ti)){T~ u (t^ 1 x^)) is not weighted. 
Thus 

c(t^xt) = A u {t 2 7 1 x 2 t 3 ) ■ ■ ■ {tJ^xt-^it^xtr^^T-^lf^xtl^) 

is the weighted form and t\ -< t[ -< x\ because 

T^it^xlriti) Mau- U {t 1 )- 1 T- U {x l t 2 ) + e 

and so T~ u {ti) ~< x^ritt) A t~ u (xi) = T~ u (t[). Since the last £ - 2 factors of 
t~ 1 xtT(t~ 1 xty 1 are equal to the first 1-2 factors of c{t~ x xt), c^(i _1 a!i _1 ) = 
t'^ 1 xt' 1 and T u (t) -< t[ -< sci. This implies that c 2U (t~ 1 xt~ 1 ) = s7}xs^) for i > 0, 

where sm) = t and s/,) ^ s (i+i) ~> Thus s/^-n = r — "(xi) for some j > and 

so S(j) = t~ u (xi) for i > j. Since £ _1 a;i e RSSS(x) and so = c 2£j {t~ x xt) 

for some j' > j, t~ x xt — c 2£j (t _1 :ct) = t~ u (xi)~ 1 xt~ u (x\) = c(x). But this is 
a contradiction since c(x) is cyclically weighted. Thus t~ l xt must be cyclically 
weighted. If t -< x\ then T - u - e (t) -< i^a;- 1 ). Since a;" 1 € flSSS^" 1 ) and 
is cyclically weighted, so is t~ 1 x~ 1 t by the above. Thus t~ x xt is cyclically 
weighted. □ 
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Theorem 3.3 (Birman-Gonzalez-Meneses Conjecture). Let x be a pseudo-Anosov 
n-braid. Then there is a positive integer M such that every braid in RSSS(x M ) is 
cyclically weighted. 

Proof. By Lemma IBTTl there exists y € C(x) and an integer K > such that y K is 
weakly cyclically weighted and i{y K ) > 2. Since y K e SS(x K ) and SS(x K ) is finite, 
d(y K ) = ci +N {y K ) for some j,N> 0. Set z = c^(y K ) and &{z) = A u Z t Q, where 
Zi and Qi are the head and the rest of c l (z), respectively. Since z — c (z) = r y~ 1 z~f, 
7 is an element of the centralizer of z, where 7 = t~ u (Zq ■ ■ ■ Z^-i). It is well- 
known that the centralizer of z is generated by a pseudo-Anosov n-braid a and a 
periodic n-braid p such that p p — A 2 (see [7]). Thus we can write z — p Ul a Vl and 
7 = p U2 a" 2 . Then z V2 = ^i^-^ti^ an( j so z v 2P = ^2(u 1 « 3 -« 3 o 1 ) 7 o 1 p > 0n the 

other hand, Zi\Zi + \ for i > since y^ is weakly cyclically weighted and so is z. 
Since Z^-i \Zn and Z^r = ^jv-i |~^o- Thus 7 is cyclically weighted and so z V2P 
is cyclically weighted. Since £(z V2P ) > 2, every braid in RSSS(x V2pK ) is cyclically 
weighted by Lemma I5T21 □ 

Lemma 3.4. Suppose that x is a braid such that x £ SSS(x) and inf (x l ) = i inf (a;), 
sup(a; 4 ) = isup(a:) for i > 1. If x N is cyclically weighted for some N > 1 i/ien a; 
itsey is cyclically weighted. 

Proof. Under the hypotheses, neither new A's can be formed nor factors can be 
merged by taking powers. Thus t"^" 1 ' (H(x)) -< H{x N ) and T(x) y R T(x N ). 
Consequently T{x N ) \t uN (H(x n )) implies T(x) [t u {H{x)). □ 

Corollary 3.5. Let x be a pseudo-Anosov braid in B n . Then x M is conjugate 
to a cyclically weighted braid for some 1 < M < D 2 . Moreover, every braid in 
RSSS(x M ) is cyclically weighted for some 1 < M' < 2D 2 . 

Proof. In Theorem 13. 31 we have already proved the existence of such an M and so 
we discuss the upper bound for M. By [11], there exists a positive integer M < D 2 
and y £ C(x) such that inf((j/ M )') = iinf(y M ) and sup((y M ) 1 ) = isup(y M ) for 
i > 1. Let z = y M . Since z is pseudo-Anosov, z M is conjugate to a cyclically 
weighted braid for some M' > 1. Hence, z is conjugate to a cyclically weighted 
braid by Lemma 13.41 

On the other hand, every braid in RSSS(z 2 ) is cyclically weighted by Lemma 
EH since £(z 2 ) > 2. Thus M' < 2M and so 1 < M' <2D 2 . ~ □ 

The next theorem tells us how fast we can obtain a cyclically weighted braid 
that is conjugate to a power of a given pseudo-Anosov braid. In the theorem, we 
assume that a braid is conjugate to a cyclically weighted braid instead of being 
pseudo-Anosov. This assumption is weaker because of Corollary 13. 51 

Theorem 3.6. Let y be an n-braid such that inf((y) 1 ) = iinf(y) and sup((y) 1 ) = 
i sup(y) for all i > 1 and y E SSS(y) and let x = y 2D If x is conjugate to a 
cyclically weighted braid, then a cyclically weighted braid must be obtained from x 
by at most n! l{x) iterated cyclings. 

Proof. It was proved in Lemma I3T21 that if RSSS(x) contains at least one cyclically 
weighted braid, then every braid in RSSS(x) is cyclically weighted. Thus iterated 
cyclings on x must produce a cyclically weighted braid. Let y = c N (x) be the cycli- 
cally weighted braid obtained from x by the minimal number of iterated cyclings. 
Since inf (a;) is even, we assume inf (a;) for the sake of simplicity. 
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Let y = y\yi ■ ■ ■ yu be the weighted form. First one can prove by induction on 
i > 1 that for all 1 < i < N 

c (x) = my^^Zi 

for some permutation braid a$ satisfying y\2-k-i] ' ' ' ^~ R a i ?±R e an d 

a positive braid Zi = yn-k-i] ' ' ' V[-i-i]V[-i] a i^ where [to] denotes the integer be- 
tween 1 and k that equals m mod k. Then c N ~ l (x) is completely determined by 
choosing a nontrivial permutation braid ai satisfying 

&i -<R V[2-k-i] ■ ■ ■ J/[-l-i]2/[-i]< 

For each 1 < i < £(x), there are at most nl such choices. Thus N < n\l{x). A 
complete proof appears in [5] . □ 

Given any pseudo-Anosov braid, we now know that we are able to generate 
a cyclically weighted braid that is conjugate to some power of the given braid in 
polynomial time. Thus a polynomial-time algorithm to solve the conjugacy problem 
for pseudo-Anosov braids will be completed as soon as we know how to generate 
the whole set RSSS(x) for a pseudo-Anosov and cyclically-weighted braid x. If 
x is a pseudo-Anosov and cyclically-weighed braid obtained by iterated cyclings 
on a product of randomly chosen permutation braids, then RSSS(x) has at most 
two cycling orbits in an overwhelming probability. But there are plenty of pseudo- 
Anosov and cyclically weighted braids whose reduced super summit set are not so 
simple. 

Consider the following permutation 7-braids: 

x\ = oi<J\o-iOi<J'bi X2 — 02<J5<Je, x^ = o^ceerg, x ^ — oiOhO^a^a^. 
Then x — X1X2X3X4 is pseudo-Anosov and cyclically weighted. But a^xa^ is 




Figure 1 . A pseudo-Anosov braid that is "quasi-reducible" 

again cyclically weighted and forms a new cycling orbit in RSSS{x). In fact, the 
number of cycling orbits in RSSS(x) is 10. We say that pseudo-Anosov braids of 
this kind are quasi-reducible because they are almost reducible and contain most 
of complications due to reducibility. Consequently we still need more study to 
estimate the size of RSSS(x) for a pseudo-Anosov and cyclically weighted braid x. 
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